312-50V10 · Question #214
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attac
The correct answer is C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are. The attacker used a /28 prefix in his nmap command instead of the correct /26, limiting his scan to 192.168.1.64-192.168.1.79 and excluding the servers at .122, .123, and .124.
Question
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28 Why he cannot see the servers?
Options
- AHe needs to change the address to 192.168.1.0 with the same mask
- BHe needs to add the command ""ip address"" just before the IP address.
- CHe is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are
- DThe network must be down and the nmap command and IP address are ok
How the community answered
(29 responses)- A24% (7)
- B10% (3)
- C59% (17)
- D7% (2)
Why each option
The attacker used a /28 prefix in his nmap command instead of the correct /26, limiting his scan to 192.168.1.64-192.168.1.79 and excluding the servers at .122, .123, and .124.
Changing to 192.168.1.0 would target a different subnet segment entirely and would not resolve the incorrect prefix length causing the servers to be missed.
There is no 'ip address' parameter in nmap; this is not a valid nmap command option and would result in a syntax error.
A /28 subnet mask covers only 16 addresses (192.168.1.64 to 192.168.1.79), with usable hosts from .65 to .78. The actual network uses a /26 mask (255.255.255.192), which spans 192.168.1.64 to 192.168.1.127. Because the attacker scanned with /28, the servers at .122, .123, and .124 fall completely outside the scanned range and are therefore invisible to nmap.
The network is not necessarily down; the root cause is the incorrect /28 prefix length causing the scan range to exclude the servers.
Concept tested: Nmap subnet scanning with CIDR prefix notation
Source: https://nmap.org/book/man-target-specification.html
Topics
Community Discussion
No community discussion yet for this question.